This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 22%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EI%3C/text%3E%3C/svg%3E)
HI,
I had a weird issue where i couldnt log into dc1, it kept saying my username / password is wrong. My account is part of the domain admins and i could log into dc2 and dc3. Upon reboot i was able to access dc1, which led me to think there is misconfiguration happening between the 3 DCs. Can someone confirm what the proper DNS settings should be for 3 Domain Controllers in one forest?
dc1 and dc2 are physically in datacenter1 and in the "Default-First-Site-Name" in Active Directory Sites and Services.
dc3 is in a different physical datacenter2 and respectively in a different site than "Default-First-Site-Name" in Active Directory Sites and Services.
Datacenter 1 and Datacenter 2 connect with a WAN leased 10Gig link so bandwidth is not an issue.
ALL 3 DCs provide DNS for redundancy and the settings are as follow.
dc1 IP 10.0.0.130
DNS1: 10.0.0.131
DNS2: 10.0.0.130 <--- itself *should this be loopback address instead???
dc2 IP 10.0.0.131
DNS1: 10.0.0.130
DNS2: 10.0.0.131 <--- itself *should this be loopback address instead???
dc3 IP 10.5.0.130
DNS1: 10.0.0.130 <--dc1
DNS2: 10.0.0.131<--dc2
Is this proper configuration for DNS for all 3 DCs? I feel like as it is nothing is pointing to DC3.
I should also mention that we used openDNS as part of Cisco umbrella which delegates dns to the 3 DCs.
Any help would be greatly appreaciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 73%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESQ%3C/text%3E%3C/svg%3E)
Hi,
Just checking in to see if the information provided was helpful.
If yes, you may accept useful reply as answer, if not, welcome to feedback.
Best Regards,
Sunny
Wouldnt this also cause Replications issues between the domains if all 3 DCs point to themselves? Is your suggestion considered best practices? i would think this is incorect but i appreciate the response
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I'd suggest working through this one.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/creating-a-dns-infrastructure-design
--please don't forget to Accept as answer if the reply is helpful--
Hi,
Thanks for posting in Q&A platform.
We recommended best practice is for all DCs to use themselves for primary DNS.
Secondary DNS should be set based on highest availability and highest access speed. This may leave you with multiple DCs using the same secondary depending on your topology and equipment.
Best Regards,
Sunny
----------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.